Tag: bi0sCTF

avernos - bi0s CTF 2025

the.m3chanic

2025-07-17

tl;dr

Mixed mode assembly (a feature of .NET binaries), involving both C# as well as C++ code in the same executable
Code flow jumps between both C#/C++ frequently to make analysis harder
SEH mechanism triggered in C++ code, which uses SEH trampoline to make debugging harder
SEH triggered once again in C#, which is handled by C++
VM bytecode is decrypted loaded by C#
VM checks input in 4 ways: CRC32 hash (2 byte pairs), RC4 encryption, rolling XOR and byte by byte checks

bi0sCTF

Don't Whisper - bi0sCTF 2025

w1z

2025-07-14

Misc

tl;dr

Whisper model converts audio to text
text is passed through subprocess and not sanitized
difficult to generate a command injection through manual voice
Need to invert the Neural network that will generate the audio file we need
Implement Gradient descent based inversion to find input for target output.
Generate the audio file and send, get flag!

bi0sCTF

...Like PRNGS to Heaven - bi0sCTF 2025

AeroSol

2025-06-13

Crypto

tl;dr

ECDSA signing server with biased nonce
Exploitation by modelling a EHNP instance and using z3 Solver for breaking Mersenne Twister

bi0sCTF PRNG Prediction ecdsa Lattice EHNP z3

Uninitialized VM - bi0sCTF 2025

B4tMite

2025-06-13

Pwn

tl;dr

memcpy in CPY goes out-of-bounds of VM stack.
Abuse memcpy to copy the register struct to stack and modify the values using stack operations and register operations.
Copy values back to the register struct, modifying the VM stack bp and sp registers.
This migrates the VM stack to wherever you want, gaining arbitrary read and write.
Leak environ pointer to get stack leak.
Migrate VM stack to main function’s stack to overwrite return address with ROP chain or one-gadget.

bi0sCTF

Batman Investigation IV - The Last J0ke - bi0sCTF 2024

Azr43lKn1ght

Jl_24

2024-04-17

Forensics

tl;dr

Analysis of different types of malware in a linear storyline
Windows timelining
Analysis of Rootkit, Ransomware, C2 Framework, Process Hollowing, Persistence, and more

bi0sCTF Incident Response Malware Analysis Threat Hunting bi0sctf2024 Ransomware Ransomware Analysis Ransomware Investigation Ransomware Recovery Reverse Engineering Windows Forensics Rootkit Analysis C2 Analysis Windows timelining

challengename - bi0sCTF 2024

Hisoka

2024-03-28

Cryptography

tl;dr

appending same bytes to an existing collision results in a collision as well
reusing nonce leads to secret leak

bi0sCTF Exploitation ecdsa Hash collision

Predictable - bi0sCTF 2024

2024-03-28

Crypto

tl;dr

Timing-based attack on the double-and-add algorithm to recover secret value d
Predict pseudo-random value using the NSA backdoor on Dual_EC_DRBG

bi0sCTF Dual_EC_DRBG NSA Backdoor PRNG Prediction

Batman Investigation III - Th3 Sw0rd 0f Azr43l - bi0sCTF 2024

Azr43lKn1ght

2024-03-19

Forensics

tl;dr

Challenge 2 of Batman Investigation series
Ransomware Investigation
Rust based Ransomware Analysis with process dump analysis to recover the randomly generated decryption vector and windows malware analysis
Recovering from a ransomware attack

bi0sCTF Incident Response Malware Analysis WinDBG Dump Debugging Threat Hunting bi0sctf2024 Ransomware Ransomware Analysis Ransomware Investigation File Forensics Ransomware Recovery Reverse Engineering Windows Forensics Browser Forensics Process Memory Analysis